The Entry's Key Role in Physical Security Risk Mitigation Strategies

All businesses face many risks on several fronts, every day. Risks to a business, to its employees, to its physical assets and to general workplace productivity increase significantly when an unauthorized person has gained access into a controlled area. Many businesses have recently chosen to take a preventative stance on these risks, recognizing that the investment to protect their business from incurring these risks is better than trying to perform damage control after a problem has occurred.

Contents

The Changing Face of Business Risk and Liability

Recent events have changed the sort of risks that businesses need to consider when planning their physical security. Today the list of potential risks is longer than ever, and includes threats that are faster-occurring and far more dangerous than those of the past. Active shooters, workplace violence, terrorist incidents, and cyber attacks are all possible threats to a modern business that businesses should put in prevention plans to try to mitigate. These all pose problems not just for employee safety and productivity, but also for the continuing functioning of the business.

In addition, businesses need to consider liability issues posed by these threats. If a firm is found in the wake of an event to have neglected to factor in security that could have prevented the event, it could be held liable for the resulting damages. This could lead to crippling liability judgments, loss of status and reputation, disruptions to productivity, and changeovers in staff and management. The liability risk posed by these threats can often outweigh the problems presented by the threats themselves. Increasing the physical security of a business helps protect not only the employees and the facility, but the integrity of the operation.

Regulations have also changed as the threats to business operations have evolved, requiring businesses to remain in compliance or face penalties and possible business disruption. The passing of Homeland Security legislation to protect critical infrastructure has included industries such as Manufacturing, Energy, Transportation, Technology, and others. With these regulations-- such as FISMA, NERC CIP 14 4-6, ISO, Food Defense, OSHA, and a variety of other regulatory legislation and departments— it is now in a business’ best interest to determine and mitigate threats and stay within compliance.

It is for this reason that the entrances to a business facility have needed to evolve. In the past, the style and operation of the doors may have been specified by the architect, engineer, or building contractor and have been based on compliance to safety guidelines regarding egress (during a fire, for example). Considering the desire for user convenience and an overall design aesthetic for the facility, sliding or swinging doors were typically selected. Managers were often under-informed of the security implications of the selections being made for them, because the people choosing the style of entrances did not often have any security background. The result was buildings equipped with doors that could neither deter criminals nor reduce vulnerabilities, leaving businesses open to liability and threats from outside.

Swinging Doors Sacrifice Security for Convenience

Even with the most sophisticated access control solution deployed in the lobby and main entrances, if there is one single swinging door anywhere on a perimeter, the facility is in fact fully vulnerable. Swinging doors create risk for businesses because they cannot prevent unauthorized intrusions. This creates a physical security risk for an organization that can lead to a liability should an intruder cause harm or loss.

While sensors can be installed on swinging doors to detect certain situations – for example, that a door remains open, or that more than one person has entered on a valid authorization (known as “tailgating”) – the swinging door itself cannot prevent such intrusions. For businesses with existing swinging doors, there can be no denial of either risk or liability in the case of an incident. Many facilities employ guards to monitor swinging doors and deal with incidents when they occur. However, human nature means that guards are subject to distractions, absenteeism, fatigue, being spread too thin or overwhelmed during busy periods, and all the other issues that can come with relying on a human being for security. There is even a term in the hacker universe for getting around security guards: social engineering. Guards perform a crucial role, but without reliable technology to support them in controlling physical access into facilities, they leave firms open and vulnerable to being held liable in the aftermath.

The tools to fix this gap – security entrances – are readily available to help protect business employees and assets. Security entrances are the most reliable and proven solution available today, and can tremendously reduce both the physical and cyber security risks associated with intruders.

Physical Security Is Integral To Protecting Data

As the internet has connected more and more of our world, security teams have needed to consider the implications of protecting their virtual assets as well as their physical assets. Historically, that has been the responsibility of the IT department, as they were considered to have a better knowledge of how to secure data, while Physical Security protected the physical facility. Today physical and cyber security not only protect each other, but also have a shared role in the protection of data, and must be planned and supported in a coordinated way to ensure that protection is effective.

If, for example, a hacker gains remote control of a building’s access control system through external networks, then the physical security of a facility is compromised—a problem that has potential repercussions across multiple business operations. Conversely, if a physical intruder to the facility gains access to an internal data network by plugging into an Ethernet port or walking out with a stolen server, then firewalls are compromised, and all of your data is fully vulnerable. Either failure puts intellectual property and other information at risk, including business strategies, financial records, pricing, product design data, personal information about employees and much more.

Regulations concerning data protection often do not consider presence of a standard swinging door (or gate, if outdoors) as compliant, given the risk of unauthorized entry. Non-compliant firms may be subject to significant fines and other actions.

Here are some examples:

How Security Entrance Solutions Mitigate Risk

Security entrances reduce liability by demonstrating a plausible degree of effort to prevent infiltration. They protect the personal safety and security of staff, visitors and anyone else in your facility. But, not all security entrance solutions are created equal. There are four categories to consider for effective entrance implementation: crowd control, deterrence, detection, and prevention.

Crowd Control - Level 1

Tripod turnstiles fall under the crowd control category, and are often deployed in areas where large numbers of people need to access a secure area during a limited amount of time, such as stadiums, factories, transit terminals and high-occupancy, high-rise buildings. There are no detection sensors, therefore manned security is needed to deter tailgating attempts.

Deterrent - Level 2

Entrances with a full-height barrier deter casual attempts at incursion by climbing or crawling. A full height turnstile is often placed at the perimeter as a first layer of physical security, or utilized as an “exit only” to allow people to leave easily while deterring them from entering without authorization. While the turnstile will prevent tailgating, with collusion, two small people can physically piggyback in a single compartment.

Detection - Level 3

Optical turnstiles are capable of detecting tailgating attempts, sounding an alarm to alert nearby staff. This solution is most commonly utilized in corporate lobbies where the management of both staff and guests is important. Tailgating attempts are possible with optical turnstiles, therefore the presence of a guard to deter attempts and/or respond immediately is critical.

Prevention - Level 4

At this level of security, true tailgating and piggybacking prevention for higher-security facilities is available. Security revolving doors and mantrap portals fall into this category, and not only serve as a visual deterrent, but physically deny all forms of unauthorized entry – including tailgating and piggybacking – completely. They incorporate full height barriers to prevent crawling under and climbing over, as well as sensors to ensure that only one person, the authorized and credentialed individual, passes through at a time. As well, these entrances can provide a rich assortment of metrics, including authorization received, passage completed, tailgating/piggybacking rejections inbound or outbound, biometric access control rejections, safety rejections, and emergency button rejections. These full-service security entrances create complete entry protection for a business to mitigate the risk and liability caused by unauthorized entry.

Conclusion

There are a wide variety of solutions that can provide security at the entrance to a facility, but many do not adequately compensate for the possible risks posed in today’s environment. Modern security entrances can help to mitigate business risk by preventing unauthorized access and providing essential metrics to physical security operations. Ultimately, security entrances are a good investment for any organization that needs to control access to any points in their facilities.